Dell

Managing Dell Server Firmware and iDRAC Configuration with PowerShell and RACADM

Date Published: January 31, 2022

This guide provides steps for updating Dell server firmware in the recommended sequence, configuring iDRAC settings, and leveraging useful PowerShell commands for BIOS settings.

Firmware Update Order

For optimal performance, Dell recommends the following firmware update sequence. Follow this order to prevent potential issues during upgrades:

  1. iDRAC Firmware
  2. PERC Drivers
  3. PERC Firmware
  4. HBA Drivers
  5. HBA Firmware
  6. NIC Driver
  7. NIC Firmware
  8. BIOS Firmware
  9. Power Supply Firmware
  10. Hard Disk Drive Firmware
  11. Lifecycle Controller Firmware
  12. Chipset Drivers/Firmware

For detailed guidance, refer to Dell’s official article.

Retrieve Dell Service Tag

To retrieve the service tag of a Dell server:

wmic bios get serialnumber

Update SSL Certificate on iDRAC

To upload an SSL certificate and key to iDRAC:

racadm -r <iDRAC_IP> -u <username> -p <password> sslkeyupload -t 1 -f filename.key
racadm -r <iDRAC_IP> -u <username> -p <password> sslcertupload -t 1 -f filename.cer

Change iDRAC NIC Mode:

  • For firmware version 1.30.30 or newer: 
    racadm set iDRAC.NIC.Selection 1
  • For firmware version older than 1.30.30: 
    racadm config -g cfgLanNetworking -o cfgNicSelection 1

Remove VLAN Tagging from iDRAC

To disable VLAN tagging on iDRAC:

racadm config -g cfgLanNetworking -o cfgNicVLANEnable 0

Additional iDRAC Commands

Restart Web Server with Enforced TLS Encryption:

racadm tlsEncryptionStrength set 1 –webserverrestart

Enable NIC Configuration:

racadm config -g cfgLanNetworking -o cfgNicEnable 1

Update Security Settings:

racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

Dell BIOS Configuration with PowerShell

Use the DellBIOSProvider module for querying and configuring Dell BIOS settings.

Retrieve Dell BIOS Settings:

Get-DellBiosSettings

Example: Check Current SMM Security Mitigation Setting:

(Get-Item -Path DellSmbios:\Security\SmmSecurityMitigation).CurrentValue

Attempt to Change BIOS Settings:

(Note: Ensure you have the correct BIOS password.)

Set-Item -Path DellSmbios:\Security\SmmSecurityMitigation -Value "Disabled" -Password <"biospassword">

For advanced scenarios or troubleshooting, consult Dell’s official documentation.